Description of problem: selinux policy prevents BackupPC's GUI from working. Version-Release number of selected component (if applicable): 4.3.1-3 How reproducible: always Steps to Reproduce: 1. Visit the BackupPC GUI and click on "Host Summary" 2. 3. Actual results: The following error is shown (reduced to the relevant lines): This CGI script (/BackupPC) is unable to connect to the BackupPC server on localhost port -1. The error was: unix connect to /var/run/BackupPC/BackupPC.sock: Permission denied. Expected results: The host summary page is shown Additional info: There is already an entry in selinux/BackupPC.te which handled this in the past, however the server process now appears to run with a different context: ps axZ | grep BackupPC system_u:system_r:unconfined_service_t:s0 8947 ? Ss 0:00 /usr/bin/perl /usr/share/BackupPC/bin/BackupPC Previusly, it ran in initrc_t context. So basically, just replace all occurences of "initrc_t" by "unconfined_service_t " in selinux/BackupPC.te and it will work again. I did NOT test it on Fedora 30!
Let me see if I can reproduce on a clean install in a VM. I try to be very careful with changes to the selinux stuff. I don't fully understand it :)
BTW: I *did* test it on a freshly installed F31-VM :-) Oh and while testing install in that VM, I got the following (which I overlooked previously): /usr/lib/tmpfiles.d/BackupPC.conf:1: Line references path below legacy directory /var/run/, updating /var/run/BackupPC → /run/BackupPC; please update the tmpfiles.d/ drop-in file accordingly. So: That should be updated as well :-)
Created attachment 1652515 [details] Patch which fixes the bug
I haven't forgotten about this but haven't had time to look into it either. Since I have maintained BackupPC I have not needed a different SELinux policy between Fedora releases (or CentOS) and I would rather not have release specific settings.
I finally got around to testing the changes on my CentOS 7 box and everything looks OK so I'm going to do official builds. Hopefully nothing breaks :)
FEDORA-2020-18c7d01dcf has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-18c7d01dcf
BackupPC-4.3.2-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-7536856c92
BackupPC-4.3.2-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-18c7d01dcf
BackupPC-4.3.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
BackupPC-4.3.2-1.el8 has been pushed to the Fedora EPEL 8 stable repository. If problems still persist, please make note of it in this bug report.